The present invention generally relates to account protection and more specifically to methods and apparatus for restricting access to an account using different account numbers associated with different subsets of operations.
An account number is typically exchanged when a transaction between two parties is being performed. For example, an account holder may enter into a transaction with another party in which the account holder's account number is given to the other party. The party can then use the account number to perform transactions with the user's account. For example, the party can request operations such as depositing money, withdrawing money, etc. It should be noted that the transactions may not always be financial in nature. For example, the transaction may be depositing a document in an account, requesting access to information in an account, etc.
With the advent of the Internet, some transactions may not be face to face. For example, an account holder may be transacting with a party that is only known through a website to the account holder. Additionally, when account numbers are revealed in transactions, they may be susceptible to being intercepted by other parties independent of the transaction. This makes revealing an account number to another party more susceptible to fraud. Also, even in face-to-face transactions, any time an account number is revealed to another party, fraud may occur. Accordingly, the other party may exploit the information that is revealed in order to request operations that are not desired by the account holder. For example, instead of depositing money into the account holder's account, the party may withdraw money.
Often the intent of providing an account number to another party is to facilitate the receipt of funds or information. For example, suppose party A wishes to send funds (make a payment) to party B. Party B may provide his account number in order that Party A can effect the transaction electronically, thus transferring the funds more efficiently and quickly than through other methods. An example of this is wire transfer of money. Other examples include systems managing things other than money, such as documents, pictures, or even physical objects.
The risk of these systems is that in current practice a single account number is used for complete access to the account. Thus, if Party B reveals his one and only account number to Party A (in order to facilitate a deposit), Party B risks that Party A may also conduct unauthorized withdrawals. Also, the use of only a single number for all transactions of all types provides no secure way to distinguish between those transactions. If Party A performs a transaction but in doing so claims to be Party C, Party B has no way to know it was really Party A.